Communications terminal and system and rights management method

ABSTRACT

The present invention provides a communications terminal and system and a rights management method, comprising: setting a rights list; listing unique identification information of user identity of each mobile terminal device that is allowed to access to the WiFi hot spot communications terminal; the communications terminal performing authentication on unique identification information in a mobile terminal authentication request; and establishing a connection. It is made convenient for the communications terminal to effectively manage access rights, and the management becomes simpler and easier to operate. Meanwhile, the communications terminal performs authentication on the unique identification information of the user identity, thereby making the authentication process more efficient and improving the security of the authentication process. Meanwhile, priorities of the access rights of users are set, so as to ensure that a user of a high priority has preferential access, thereby making the access rights management more user-friendly.

TECHNICAL FIELD

The disclosure relates to the field of communication, and moreparticularly to a communication User Equipment (UE), communicationsystem, and method for authorization management.

BACKGROUND

A mobile communication UE, especially a smart phone, has a built-in hotspot function. in enabling a hot spot, various modes of authenticationsuch as OPEN-NONE, Wi-Fi Protected Access with a pre-shared key WPAPSK,or the like may be chosen. With the OPEN-NONE, another user is notrequired to enter a password to access the hot spot, which is convenientbut hard to manage, thus susceptible to traffic theft. Withencryption-authentication modes such as the WPAPSK, there is likewise arisk of password leakage, in addition to a cumbersome access process.

An existing WiFi (wireless fidelity, 802.11 b protocol) chip typicallyserves for basic access management such as access authorization,limiting a total number of accessing clients, etc. For example, inaccess authorization, also commonly known as the blacklist/whitelistfunction, when a whitelist is enabled, only a user in the whitelist isallowed to access the hot spot; when a blacklist is enabled, a user inthe blacklist is not allowed to access the hot spot. However, inbottom-layer implementation of the WiFi blacklist/whitelist, a MediaAccess Control (MAC) address serves as an identifier; while a mobile UEas a hot spot features portability and mobility, with a random andunpredictable accessing user, such that it is difficult to acquire andmanage a MAC address. Thus, enabling a hot-spot MAC-basedblacklist/whitelist function on a mobile communication UE poses poorusability and complicated management for common users. Thus, there is apressing need for a secure stable method for authorization managementthat is easy to manage and simple to operate.

SUMMARY

Embodiments herein provide a communication UE, communication system, andmethod for authorization management, capable of managing authorizationof access by a WiFi mobile device properly and effectively.

To this end, a technical solution herein is implemented as follows.

A method for authorization management includes:

receiving, by a communication User Equipment (UE), a WiFi authenticationrequest sent by a mobile UE requesting access of the communication UE,the WiFi authentication request including unique identificationinformation for identifying a current user of the mobile UE requestingaccess, the communication UE being a WiFi hot spot; and

authenticating, by the communication UE, the mobile UE requesting accessaccording to the WiFi authentication request and an authorized list, theauthorized list including unique identification information foridentifying a mobile UE user authorized to access the communication UE.

The authenticating, by the communication UE, the mobile UE requestingaccess according to the WiFi authentication request and an authorizedlist may include: determining, by the communication UE, whether theunique identification information in the WiFi authentication request isincluded in the authorized list, and determining that the mobile UErequesting access is authenticated for access when the uniqueidentification information in the WiFi authentication request isincluded in the authorized list.

The WiFi authentication request may further include a current MediaAccess Control (MAC) address of the mobile UE requesting access, and themethod may further include: after the mobile UE requesting access isauthenticated for access, connecting, by the communication UE, to themobile UE requesting access according to the current MAC address in theWiFi authentication request.

The authorized list of the communication UE may further include a lastMAC address used in last accessing the communication UE by a user. Theconnecting, by the communication UE, to the mobile UE requesting accessaccording to the current MAC address in the WiFi authentication requestmay include: determining whether the current MAC address of the mobileUE requesting access is included in the authorized list; when thecurrent MAC address of the mobile UE requesting access is included inthe authorized list and the current MAC address is identical to the lastMAC address corresponding to the current user of the mobile UErequesting access, directly connecting to the mobile UE requestingaccess according to the current MAC address; when the current MACaddress is not identical to the last MAC address, updating, with thecurrent MAC address, the last MAC address used by the current user inthe authorized list, and connecting to the mobile UE requesting accessaccording to the current MAC address; when the current MAC address ofthe mobile UE requesting access is not included in the authorized list,adding the current MAC address of the mobile UE requesting access to theauthorized list and connecting to the mobile UE requesting accessaccording to the current MAC address.

The communication UE may clear any MAC address corresponding to a mobileUE in the authorized list when the communication UE turns on or offWiFi.

The unique identification information of a user may be a card number ofa SIM card or a USIM card of the user, or an Email account bound to amobile UE of the user.

The method may further include:

selecting contact information from an address book of the communicationUE and importing the selected contact information to the authorizedlist, or adding contact information to the authorized list in a manualmode, the contact information including a name of a contact and uniqueidentification information of the contact;

setting priorities in accessing the communication UE respectively forcontacts in the authorized list.

The method may further include: after the communication UE authenticatesthe mobile UE requesting access according to the WiFi authenticationrequest and the authorized list,

determining, by the communication UE, whether a number of mobile UEscurrently accessing the communication UE has reached an allowed maximalnumber of mobile UEs accessing the communication UE;

when the number of mobile UEs currently accessing the communication UEhas not reached the allowed maximal number of mobile UEs accessing thecommunication UE, connecting, by the communication UE, to the mobile UErequesting access according to a current Media Access Control (MAC)address of the mobile UE requesting access;

when the number of mobile UEs currently accessing the communication UEhas reached the allowed maximal number of mobile UEs accessing thecommunication UE, determining, by the communication UE according to thepriorities in accessing the communication UE respectively for thecontacts in the authorized list, whether a priority corresponding to themobile UE requesting access is higher than a priority corresponding to amobile UE currently accessing the communication UE; when there is amobile UE currently accessing the communication UE with a priority lowerthan the priority corresponding to the mobile UE requesting access,disconnecting the mobile UE currently accessing the communication UEwith the low priority, and connecting to the mobile UE requestingaccess; when there is no mobile UE currently accessing the communicationUE with a priority lower than the priority corresponding to the mobileUE requesting access, refusing access by the mobile UE requestingaccess.

The method may further include: after the mobile UE requesting access isauthenticated for access, and before connecting to the mobile UErequesting access, performing, by the communication UE, passwordauthentication on the mobile UE requesting access.

A communication User Equipment (UE) serving as a WiFi hot spot mayinclude a receiving module and an authenticating module. The receivingmodule is configured for receiving a WiFi authentication request sent bya mobile UE requesting access of the communication UE, The WiFiauthentication request includes unique identification information foridentifying a current user of the mobile UE requesting access. Theauthenticating module is configured for authenticating the mobile UErequesting access according to the WiFi authentication request and anauthorized list. The authorized list includes unique identificationinformation for identifying a mobile UE user authorized to access thecommunication UE.

The authenticating module may include a first determining unit and alisting unit. The first determining unit may be configured fordetermining whether the unique identification information in the WiFiauthentication request is included in the authorized list.

The WiFi authentication request may further include a current MediaAccess Control (MAC) address of the mobile UE requesting access. Thecommunication UE may further include a working module. The workingmodule may be configured for: after the mobile UE requesting access hasbeen authenticated by the authenticating module, connecting thecommunication UE to the mobile UE requesting access according to thecurrent MAC address of the mobile UE requesting access.

The authenticating module may further include a second determining unitand a listing unit. The authorized list saved by the listing unit mayfurther include a last MAC address used in last accessing thecommunication UE by a user. The second determining unit may beconfigured for: determining whether the current MAC address of themobile UE requesting access is included in the authorized list. When thecurrent MAC address of the mobile UE requesting access is included inthe authorized list and the current MAC address is identical to the lastMAC address corresponding to the current user of the mobile UErequesting access, the working module may be notified to connect to themobile UE requesting access according to the current MAC address. Whenthe current MAC address is not identical to the last MAC address, thelast MAC address used by the current user in the authorized list may beupdated with the current MAC address, and the working module may benotified to connect to the mobile UE requesting access according to thecurrent MAC address. When the current MAC address of the mobile UErequesting access is not included in the authorized list, the listingunit may be notified to add the current MAC address of the mobile UErequesting access to the authorized list, and the working module may benotified to connect to the mobile UE requesting access according to thecurrent MAC address. The listing unit may be configured for saving theauthorized list, and adding or updating a MAC address of a mobile UE ofa user in the authorized list.

The listing unit may be further configured for clearing any MAC addresscorresponding to a mobile UE of a user in the authorized list when WiFiis turned on or off.

The unique identification information of a user may be a card number ofa SIM card or a USIM card of the user, or an Email account bound to amobile UE of the user.

The listing unit in the authenticating module may be further configuredfor: selecting contact information from an address book of thecommunication UE and importing the selected contact information to theauthorized list, or adding contact information to the authorized list ina manual mode. The contact information may include a name of a contactand unique identification information of the contact. The listing unitmay be further configured for setting priorities in accessing thecommunication UE respectively for contacts in the authorized list.

The authenticating module may further include a third determining unitand a fourth determining unit. The third determining unit may beconfigured for: after the mobile UE requesting access is authenticatedfor access, determining whether a number of mobile UEs currentlyaccessing the communication UE has reached an allowed maximal number ofmobile UEs accessing the communication UE. When the number of mobile UEscurrently accessing the communication UE has not reached the allowedmaximal number of mobile UEs accessing the communication UE, the workingmodule may be notified to connect the communication UE to the mobile UErequesting access. When the number of mobile UEs currently accessing thecommunication UE has reached the allowed maximal number of mobile UEsaccessing the communication UE, an ON command may be sent to the fourthdetermining unit. The fourth determining unit may be configured for:after receiving the ON command, determining whether a prioritycorresponding to the mobile UE requesting access is higher than apriority corresponding to a mobile UE currently accessing thecommunication UE. When there is a mobile UE currently accessing thecommunication UE with a priority lower than the priority correspondingto the mobile UE requesting access, the working module may be notifiedto disconnect the mobile UE currently accessing the communication UEwith the low priority, and connect the communication UE to the mobile UErequesting access. When there is no mobile UE currently accessing thecommunication UE with a priority lower than the priority correspondingto the mobile UE requesting access, the working module may be notifiedto refuse access by the mobile UE requesting access.

The authenticating module may further include a password authenticationunit. The password authentication unit may be configured for: after themobile UE requesting access is authenticated for access, performingpassword authentication on the mobile UE requesting access.

A communication system may include at least one mobile User Equipment(UE) and a communication UE according to any of claims 10 to 18. Themobile UE may have a WiFi function, and send the communication UE a WiFiauthentication request including unique identification information foridentifying a user.

Advantages of the disclosure are as follows. A communication UE,communication system, and method for authorization management areprovided. An authorized list listing unique identification informationfor identifying any mobile UE user authorized to access thecommunication UE serving as a WiFi hot spot is set, implementingeffective, simple, easy-to-operate access authorization management bythe communication UE. Furthermore, the communication UE authenticatesunique identification information for identifying a user, leading tomore efficient and secure authentication.

In addition, a priority for accessing the communication UE by a user isset, ensuring that a user with a high priority can access thecommunication UE first, allowing more user-friendly access authorizationmanagement.

Meanwhile, in addition to authentication of unique identificationinformation for identifying a user of a mobile UE requesting access,password authentication may further be performed on the mobile UErequesting access, thereby improving security during authentication,reducing occurrence of network pirating.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a structure of a communication systemaccording to an embodiment herein.

FIG. 2 is a schematic diagram of a structure of a communication UEaccording to an embodiment herein.

FIG. 3 is a flowchart of a method for authorization management accordingto an embodiment herein.

DETAILED DESCRIPTION

According to embodiments herein, an authorized list for userauthorization management is set in a communication UE as a WiFi hotspot; unique identification information for identifying a userauthorized to access the communication UE is stored in the authorizedlist; the communication UE receives a WiFi authentication request sentby a mobile UE requesting to access the communication UE; the WiFiauthentication request may include unique identification information foridentifying a current user of the mobile UE requesting access, thecommunication UE compares the unique identification information foridentifying the current user of the mobile UE requesting access with theunique identification information in the authorized list set in thecommunication UE; when the unique identification information foridentifying the current user of the mobile UE requesting access matchesthe unique identification information in the authorized list, a currentMAC address of the mobile UE requesting access is extracted, and themobile UE requesting access is connected to the communication UEaccording to the extracted current MAC address; when it is the firsttime that the mobile UE requesting access requests connection, thecurrent MAC address in the WiFi authentication request is extracteddirectly for establishing the connection, and the extracted current MACaddress is saved in the authorized list; when the mobile UE requestingaccess has previously logged in (from a last MAC address), the currentMAC address is compared with the last MAC address; when the current MACaddress is identical to the last MAC address, the mobile UE requestingaccess is connected to the communication UE directly according to thecurrent MAC address; when the current MAC address is not identical tothe last MAC address, the last MAC address in the authorized list isupdated with the current MAC address, and the mobile UE requestingaccess is connected to the communication UE according to the current MACaddress. In the disclosure, priorities may be set respectively forcontacts in the authorized list as needed by a user to ensure that auser with a high priority can access the communication UE in time. Thecommunication UE serving as a WiFi hot spot herein may be variousdevices with a built-in WiFi hot spot function, or a device capable ofestablishing a WiFi hot spot by means of an external device, a commonexample of which may be a desktop, a mobile UE, a tablet computer, atelevision set, etc. The mobile UE requesting access may further be sucha device as described above. The mobile UE requesting access may be amobile telephone. The unique identification information of a userthereof may be a card number of a SIM card or a USIM card in the mobileUE requesting access, an Email account bound to a mobile UE of the user,or other information capable of uniquely identifying the user. In orderto clearly show a technical solution herein and advantages thereof, thedisclosure is elaborated below with reference to embodiments anddrawings.

Referring to FIG. 1 and FIG. 2, a communication system herein mainly mayinclude a communication UE with a WiFi function and at least one mobileUE with a WiFi function. The communication UE in the embodiment mainlymay include a receiving module and an authenticating module. Thereceiving module receives a WiFi authentication request sent by a mobileUE requesting access. The WiFi authentication request may include uniqueidentification information for identifying the current user of themobile UE requesting access. The authenticating module may be configuredfor performing authentication on a user according to a received WiFiauthentication request. The communication UE in the embodiment mayfurther include a working module. The working module may be configuredfor establishing connection with a mobile UE after the mobile UE isauthenticated to access the communication UE.

The authenticating module may further include: a listing unit, a firstdetermining unit, a second determining unit, a third determining unit, afourth determining unit, and a password authentication unit. The listingunit may save unique identification information for identifying any userauthorized to access the communication UE. The four determining unitsmay be configured for performing further determination on data in theauthenticating unit. The password authentication unit may be configuredfor performing password authentication on a mobile UE requesting accessfor further user security. A method for authorization managementprovided herein is elaborated below with reference to functions of themodules in the communication UE and of the units in the authenticatingmodule.

Referring to FIG. 3, the method for authorization management herein mayinclude steps as follows.

In Step 100, a communication UE receives a WiFi authentication requestsent by a mobile UE requesting access of the communication UE; the flowthen goes to Step 200.

In step 100, a receiving module in the communication UE may beconfigured for receiving the WiFi authentication request, and forwardingthe received WiFi authentication request to an authenticating module forprocessing. The received WiFi authentication request may include uniqueidentification information for identifying the current user of themobile UE requesting access. The WiFi authentication request sent by themobile UE requesting access may further include a current MAC address ofthe mobile UE requesting access. The current MAC address may or may notbe sent together with the WiFi authentication request. The current MACaddress of the mobile UE requesting access may be sent any time beforethe connection is formally established, or be sent after the WiFiauthentication request is authenticated successfully by thecommunication UE.

In Step 200, the communication UE authenticates the mobile UE requestingaccess according to the WiFi authentication request and an authorizedlist.

In Step 200, the authenticating module may authenticate the mobile UErequesting access. The authorized list saved by a listing unit mayinclude unique identification information for identifying a mobile UEuser authorized to access the communication UE. The uniqueidentification information for identifying a mobile UE user saved in theauthorized list may be of various types, and may be chosen as relatedinformation in an address book of the communication UE, such as a cardnumber of a SIM card or a USIM card in the mobile UE requesting access,an Email account bound to a mobile UE of the user, or other informationcapable of uniquely identifying the user.

The authenticating module may authenticate the mobile UE requestingaccess as follows.

In Step 202, a first determining unit determines whether uniqueidentification information in the WiFi authentication request isincluded in the authorized list; when the unique identificationinformation in the WiFi authentication request is included in theauthorized list, the flow goes to Step 204; otherwise when the uniqueidentification information in the WiFi authentication request is notincluded in the authorized list, the flow goes to Step 400.

In Step 202, the first determining unit may search the authorized listfor a file of a type same as that of the unique identificationinformation in the WiFi authentication request. For example, when thereceived WiFi authentication request contains a card number of a SIMcard of the current user, the authorized list may be searched for a cardnumber file of the same type to determine whether the card number of theSIM card of the current user is included in a saved record for usersauthorized to access the communication UE.

In Step 204, the password authentication unit performs passwordauthentication on the mobile UE requesting access; the flow goes to Step206 when the mobile UE requesting access passes the passwordauthentication; otherwise when the mobile UE requesting access fails thepassword authentication, the flow goes to step 400.

In Step 204, a step of WPAPSK password authentication may be includedfor enhanced user security. In practice, the WPAPSK passwordauthentication may be skipped as excellent security may be achieved withthe unique identifier information.

In Step 206, the third determining unit determines whether a number ofmobile UEs currently accessing the communication UE has reached anallowed maximal number of mobile UEs accessing the communication UE;when the number of mobile UEs currently accessing the communication UEhas reached the allowed maximal number, an On command may be sent to thefourth determining unit, and the flow goes to Step 208; otherwise whenthe number of mobile UEs currently accessing the communication UE hasnot reached the allowed maximal number, the flow goes to Step 212.

The allowed maximal number of mobile UEs accessing the communication UEmay be set, for example by a user, to avoid poor user experience due toexcessive users accessing the communication UE at the same time.

In Step 208, the fourth determining unit is activated/turned on todetermined whether a priority corresponding to the current user of themobile UE requesting access is higher than a priority of a user of amobile UE currently accessing the communication UE; when there is amobile UE currently accessing the communication UE with a priority lowerthan the priority corresponding to the mobile UE requesting access, theflow goes to step 210; when there is no mobile UE currently accessingthe communication UE with a priority lower than the prioritycorresponding to the mobile UE requesting access, the flow goes to Step400.

Before Step 208, a priority for each user in the authorized list needsto be set, for example as follows. Contact information may be selectedfrom the address book of the communication UE and imported to theauthorized list. All the contact information may be imported in batchesor once for all. Contact information may be manually added to theauthorized list. Contact information in the authorized list may includea name of a contact and unique identification information of thecontact. After contact information is included in the authorized list, apriority is to be set for each contact in the authorized list. A “high”,“medium”, or “low” priority may be set for a contact based on a userdecision. A default priority may be set, as the medium priority, forexample. There may be various ways to set a priority, which will not beelaborated herein.

Referring to Table 1, the authorized list may include various types ofdata, such as a card number of a SIM card of a user. The authorized listmay include a card number of a SIM card or a USIM card of a user, a nameof the user, a priority for accessing the communication UE by the user(access priority for short), a MAC address, etc.

TABLE 1 Authorized List (U) card number of SIM card User Name AccessPriority MAC Address 136XXXXXXXX Zhang X Medium (default)00:11:11:11:11:11 189XXXXXXXX Li X High 186XXXXXXXX Wang X Low . . . . .. . . . . . .

In Step 210, the working module disconnects the mobile UE currentlyaccessing the communication UE with the low priority, and the flow goesto Step 212.

In Step 210, a mobile UE currently accessing the communication UE with alow priority may be disconnected in various ways. A mobile UE currentlyaccessing the communication UE with a low priority may be disconnectedrandomly. Alternatively, one of the mobile UEs currently accessing thecommunication UE with low priorities that has stayed connected for thelongest time may be disconnected.

In Step 212, the second determining unit determines whether the currentMAC address of the mobile UE requesting access is included in theauthorized list; the flow goes to Step 300.

In Step 212, the authorized list saved by the listing unit may furtherinclude the last MAC address used in last accessing the communication UEby a user; when the current MAC address of the mobile UE requestingaccess is included in the authorized list, the flow goes to Step 214;otherwise when the current MAC address is not in the authorized list,the flow goes to Step 218.

In Step 214, it is determined whether the current MAC address isidentical to the last MAC address corresponding to the current user ofthe mobile UE requesting access; when the current MAC address isidentical to the last MAC address corresponding to the current user ofthe mobile UE requesting access, the current MAC address is sent to theworking module, and the flow goes to Step 300; otherwise when thecurrent MAC address is not identical to the last MAC addresscorresponding to the mobile UE requesting access, the flow goes to Step216.

In Step 216, the listing unit updates, with the current MAC address, thelast MAC address used by the current user in the authorized list; thecurrent MAC address is sent to the working module; and then the flowgoes to Step 300.

In Step 218, the listing unit adds the current MAC address of the mobileUE requesting access to the authorized list; the current MAC address issent to the working module; and the flow goes to Step 300.

In Step 300, the working module connects the communication UE to themobile UE requesting access according to the current MAC address of themobile UE requesting access.

In Step 400, the connection is terminated.

Before Step 100, the method may further include: determining whether thecommunication UE turns on authorization management; when thecommunication UE turns on authorization management, the flow goes, toStep 100; otherwise when the authorization management function is off,the flow turns to normal authentication.

What described are merely embodiments herein and are not intended tolimit the scope of the disclosure.

1. A method for authorization management, comprising: receiving, by acommunication User Equipment (UE), a WiFi authentication request sent bya mobile UE requesting access of the communication UE, the WiFiauthentication request comprising unique identification information foridentifying a current user of the mobile UE requesting access, thecommunication UE being a WiFi hot spot; and authenticating, by thecommunication UE, the mobile UE requesting access according to the WiFiauthentication request and an authorized list, the authorized listcomprising unique identification information for identifying a mobile UEuser authorized to access the communication UE.
 2. The method accordingto claim 1, wherein the authenticating, by the communication UE, themobile UE requesting access according to the WiFi authentication requestand an authorized list comprises: determining, by the communication UE,whether the unique identification information in the WiFi authenticationrequest is comprised in the authorized list, and determining that themobile UE requesting access is authenticated for access when the uniqueidentification information in the WiFi authentication request iscomprised in the authorized list.
 3. The method according to claim 1,wherein the WiFi authentication request further comprises a currentMedia Access Control (MAC) address of the mobile UE requesting access,and the method further comprises: after the mobile UE requesting accessis authenticated for access, connecting, by the communication UE, to themobile UE requesting access according to the current MAC address in theWiFi authentication request.
 4. The method according to claim 3, whereinthe authorized list of the communication UE further comprises a last MACaddress used in last accessing the communication UE by a user; theconnecting, by the communication UE, to the mobile UE requesting accessaccording to the current MAC address in the WiFi authentication requestcomprises: determining whether the current MAC address of the mobile UErequesting access is comprised in the authorized list; when the currentMAC address of the mobile UE requesting access is comprised in theauthorized list and the current MAC address is identical to the last MACaddress corresponding to the current user of the mobile UE requestingaccess, directly connecting to the mobile UE requesting access accordingto the current MAC address; when the current MAC address is notidentical to the last MAC address, updating, with the current MACaddress, the last MAC address used by the current user in the authorizedlist, and connecting to the mobile UE requesting access according to thecurrent MAC address; when the current MAC address of the mobile UErequesting access is not comprised in the authorized list, adding thecurrent MAC address of the mobile UE requesting access to the authorizedlist and connecting to the mobile UE requesting access according to thecurrent MAC address.
 5. The method according to claim 4, wherein thecommunication UE clears any MAC address corresponding to a mobile UE inthe authorized list when the communication UE turns on or off WiFi. 6.The method according to claim 1, wherein the unique identificationinformation of a user is a card number of a SIM card or a USIM card ofthe user, or an Email account bound to a mobile UE of the user.
 7. Themethod according to claim 6, further comprising: selecting contactinformation from an address book of the communication UE and importingthe selected contact information to the authorized list, or addingcontact information to the authorized list in a manual mode, the contactinformation comprising a name of a contact and unique identificationinformation of the contact; setting priorities in accessing thecommunication UE respectively for contacts in the authorized list. 8.The method according to claim 7, further comprising: after thecommunication UE authenticates the mobile UE requesting access accordingto the WiFi authentication request and the authorized list, determining,by the communication UE, whether a number of mobile UEs currentlyaccessing the communication UE has reached an allowed maximal number ofmobile UEs accessing the communication UE; when the number of mobile UEscurrently accessing the communication UE has not reached the allowedmaximal number of mobile UEs accessing the communication UE, connecting,by the communication UE, to the mobile UE requesting access according toa current Media Access Control (MAC) address of the mobile UE requestingaccess; when the number of mobile UEs currently accessing thecommunication UE has reached the allowed maximal number of mobile UEsaccessing the communication UE, determining, by the communication UEaccording to the priorities in accessing the communication UErespectively for the contacts in the authorized list, whether a prioritycorresponding to the mobile UE requesting access is higher than apriority corresponding to a mobile UE currently accessing thecommunication UE; when there is a mobile UE currently accessing thecommunication UE with a priority lower than the priority correspondingto the mobile UE requesting access, disconnecting the mobile UEcurrently accessing the communication UE with the low priority, andconnecting to the mobile UE requesting access; when there is no mobileUE currently accessing the communication UE with a priority lower thanthe priority corresponding to the mobile UE requesting access, refusingaccess by the mobile UE requesting access.
 9. The method according toclaim 6, further comprising: after the mobile UE requesting access isauthenticated for access, and before connecting to the mobile UErequesting access, performing, by the communication UE, passwordauthentication on the mobile UE requesting access.
 10. A communicationUser Equipment (UE), the communication UE being a WiFi hot spot,comprising a receiving module and an authenticating module, wherein thereceiving module is configured for receiving a WiFi authenticationrequest sent by a mobile UE requesting access of the communication UE,the WiFi authentication request comprising unique identificationinformation for identifying a current user of the mobile UE requestingaccess; the authenticating module is configured for authenticating themobile UE requesting access according to the WiFi authentication requestand an authorized list, the authorized list comprising uniqueidentification information for identifying a mobile UE user authorizedto access the communication UE.
 11. The communication UE according toclaim 10, wherein the authenticating module comprises a firstdetermining unit and a listing unit, wherein the first determining unitis configured for determining whether the unique identificationinformation in the WiFi authentication request is comprised in theauthorized list.
 12. The communication UE according to claim 10, whereinthe WiFi authentication request further comprises a current Media AccessControl (MAC) address of the mobile UE requesting access, and thecommunication UE further comprises a working module configured for:after the mobile UE requesting access has been authenticated by theauthenticating module, connecting the communication UE to the mobile UErequesting access according to the current MAC address of the mobile UErequesting access.
 13. The communication UE according to claim 12,wherein the authenticating module further comprises a second determiningunit and a listing unit; the authorized list saved by the listing unitfurther comprises a last MAC address used in last accessing thecommunication UE by a user; the second determining unit is configuredfor: determining whether the current MAC address of the mobile UErequesting access is comprised in the authorized list; when the currentMAC address of the mobile UE requesting access is comprised in theauthorized list and the current MAC address is identical to the last MACaddress corresponding to the current user of the mobile UE requestingaccess, notifying the working module to connect to the mobile UErequesting access according to the current MAC address; when the currentMAC address is not identical to the last MAC address, updating, with thecurrent MAC address, the last MAC address used by the current user inthe authorized list, and notifying the working module to connect to themobile UE requesting access according to the current MAC address; whenthe current MAC address of the mobile UE requesting access is notcomprised in the authorized list, notifying the listing unit to add thecurrent MAC address of the mobile UE requesting access to the authorizedlist, and notifying the working module to connect to the mobile UErequesting access according to the current MAC address; the listing unitis configured for saving the authorized list, and adding or updating aMAC address of a mobile UE of a user in the authorized list.
 14. Thecommunication UE according to claim 13, wherein the listing unit isfurther configured for clearing any MAC address corresponding to amobile UE of a user in the authorized list when WiFi is turned on oroff.
 15. The communication UE according to claim 10, wherein the uniqueidentification information of a user is a card number of a SIM card or aUSIM card of the user, or an Email account bound to a mobile UE of theuser.
 16. The communication UE according to claim 15, wherein thelisting unit in the authenticating module is further configured for:selecting contact information from an address book of the communicationUE and importing the selected contact information to the authorizedlist, or adding contact information to the authorized list in a manualmode, the contact information comprising a name of a contact and uniqueidentification information of the contact; setting priorities inaccessing the communication UE respectively for contacts in theauthorized list.
 17. The communication UE according to claim 16, whereinthe authenticating module further comprises a third determining unit anda fourth determining unit; the third determining unit is configured for:after the mobile UE requesting access is authenticated for access,determining whether a number of mobile UEs currently accessing thecommunication UE has reached an allowed maximal number of mobile UEsaccessing the communication UE; when the number of mobile UEs currentlyaccessing the communication UE has not reached the allowed maximalnumber of mobile UEs accessing the communication UE, notifying theworking module to connect the communication UE to the mobile UErequesting access; when the number of mobile UEs currently accessing thecommunication UE has reached the allowed maximal number of mobile UEsaccessing the communication UE, sending an ON command to the fourthdetermining unit; the fourth determining unit is configured for: afterreceiving the ON command, determining whether a priority correspondingto the mobile UE requesting access is higher than a prioritycorresponding to a mobile UE currently accessing the communication UE;when there is a mobile UE currently accessing the communication UE witha priority lower than the priority corresponding to the mobile UErequesting access, notifying the working module to disconnect the mobileUE currently accessing the communication UE with the low priority, andconnect the communication UE to the mobile UE requesting access; whenthere is no mobile UE currently accessing the communication UE with apriority lower than the priority corresponding to the mobile UErequesting access, notifying the working module to refuse access by themobile UE requesting access.
 18. The communication UE according to claim17, wherein the authenticating module further comprises a passwordauthentication unit configured for: after the mobile UE requestingaccess is authenticated for access, performing password authenticationon the mobile UE requesting access.
 19. A communication system,comprising at least one mobile User Equipment (UE) and a communicationUE according to claim 10; the mobile UE having a WiFi function, andsending the communication UE a WiFi authentication request comprisingunique identification information for identifying a user.